GDPR and the problem with emails.
Just consider this scenario for a moment:
A financial adviser asks a client to send the information needed to arrange a mortgage. To speed things up, the client e-mails scanned copies of their own and their partner’s bank statements, payslips for the last three months and passports. The adviser receives the email and forwards it to a member of staff for processing, who then sends it on to the mortgage provider.
The adviser is sending highly personal information by ordinary e-mail, with a risk of a personal data breach if the e-mail is intercepted.
Now, the above is just one simple scenario. Imagine the number of emails sent and received every day containing personal information – especially in relation to financial products.
So what is the main security issue in this kind of email scenario? Plain old email is inherently insecure, and everyone knows that is the case. It is often likened to sending information on a postcard written in pencil, because anyone handling it on its journey to its destination can read and even change the contents. This means there is a significant risk that you could knowingly allow personal data to get into the wrong hands, where it could then be misused, e.g. for ID fraud.
Under GDPR, this kind of organisational failure can have far bigger consequences. Article 32 of GDPR requires that you “shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including … as appropriate … encryption of personal data”. Using email without security to handle personal information means you are failing to meet basic GDPR requirements. This is where GDPR really bares its teeth: far larger fines are possible, of up to 20 million Euros or 4% of global turnover, whichever is higher. A recent report even suggested that the fines issued by the ICO last year would have been 79 times higher under GDPR.
GDPR comes into effect in two weeks’ time (25 May) and increases the risk to any adviser of causing a personal data breach by using unsecured email. The best way to keep your emails GDPR compliant and to make sure personal data does not fall into the wrong hands is to encrypt them.
At Origo, we’ve seen an unprecedented 33% increase in advisers and their staff registering to use our Unipass Securemail over the last two months. (This service was launched back in 2009, and today we have over 75,800 registered users, including advisers, paraplanners and IT staff, as well as platform/product provider staff.)
Despite the “geekiness” of the word “encryption”, using it really doesn’t have to be difficult. The Unipass Securemail service is easy to use and GDPR compliant, enabling you to send encrypted files without requiring additional IT assistance or the need to exchange passwords or certificates. And the service is completely free to advisers and their staff.
If you would like to learn more about securing your emails with Securemail or register for the service ahead of GDPR, please visit: https://www.unipass.co.uk/Pages/Static/SecuremailOverview.aspx